In 2010, the whole industrial automation world was stirred by the sudden appearance of the now infamous Stuxnet malware. In 2011 there were more publicly disclosed vulnerabilities than in the previous decade, with attack code readily available for more than a third of them. The need for improved cyber security for industrial networks has never been more apparent. Besides this targeted need, however, there is another reason why cyber security technology like Tofino is needed. That reason is the broader need for reliable networks that are used in mission-critical applications.

In reading about critical infrastructure protection and cyber security issues every day, I'm beginning to see a theme in our industry that is of special interest to me – cyber threats.

In my earlier column on the philosophy of Defense in Depth, I discussed how relying on a single defensive solution exposes a system to a single point of failure. No matter how well designed or strong that single defense is, either resourceful adversaries or Murphy’s Law eventually results in the defense malfunctioning or being bypassed. When that happens, the entire system is wide open to attack.

In my blog article Industrial Data Compromise – The New Business Risk, I recommended that End Users and Control Engineers need to redouble their efforts in relation to securing their process. However, finding the best way to justify the costs of implementing and maintaining a more secure process environment is new territory even for the most seasoned control system engineer. In this article I suggest a way to determine the right amount of investment in ICS and SCADA security measures.